015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.util.GetterUtil;
018 import com.liferay.portal.kernel.util.ParamUtil;
019 import com.liferay.portal.kernel.util.Validator;
020 import com.liferay.portal.model.Company;
021 import com.liferay.portal.model.CompanyConstants;
022 import com.liferay.portal.model.User;
023 import com.liferay.portal.security.pwd.PwdEncryptor;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026
027 import java.util.Properties;
028
029 import javax.servlet.http.HttpServletRequest;
030 import javax.servlet.http.HttpServletResponse;
031
032
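/**
 * Auto-login hook and {@link AuthVerifier} that authenticates a request from a
 * login/password pair carried in request parameters.
 *
 * <p>
 * Security notes for reviewers and operators:
 * </p>
 *
 * <ul>
 * <li>
 * The password is read from a request parameter. When such a parameter is sent
 * in a query string it can end up in access logs, proxy logs, browser history
 * and Referer headers. NOTE(review): confirm that deployments enabling this
 * hook only send it in a request body over TLS.
 * </li>
 * <li>
 * {@code doLogin} accepts the submitted value when it equals the password value
 * stored for the user as well as when its encrypted form matches. A disclosed
 * stored value is therefore usable as a credential on this path; treat the
 * stored values as password-equivalent secrets.
 * </li>
 * </ul>
 */
public class ParameterAutoLogin extends BaseAutoLogin implements AuthVerifier {

	/**
	 * Returns the identifier of this verifier.
	 *
	 * @return the simple class name of {@code ParameterAutoLogin}
	 */
	public String getAuthType() {
		return ParameterAutoLogin.class.getSimpleName();
	}

	/**
	 * Verifies the request held by the access control context by running the
	 * auto-login logic against it.
	 *
	 * <p>
	 * The {@code properties} argument is not consulted by this implementation.
	 * </p>
	 *
	 * @param  accessControlContext the context supplying the request and
	 *         response
	 * @param  properties verifier configuration (unused here)
	 * @return a result marked {@code SUCCESS} with user ID and password set
	 *         when {@code login} yields credentials; otherwise a freshly
	 *         constructed result whose state is left untouched
	 * @throws AuthException wrapping any {@code AutoLoginException} raised by
	 *         the login attempt
	 */
	public AuthVerifierResult verify(
			AccessControlContext accessControlContext, Properties properties)
		throws AuthException {

		try {
			AuthVerifierResult authVerifierResult = new AuthVerifierResult();

			String[] credentials = login(
				accessControlContext.getRequest(),
				accessControlContext.getResponse());

			// A null array means no credentials were produced; the result is
			// then returned without being marked successful.

			if (credentials != null) {
				authVerifierResult.setPassword(credentials[1]);
				authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
				authVerifierResult.setUserId(Long.valueOf(credentials[0]));
			}

			return authVerifierResult;
		}
		catch (AutoLoginException ale) {
			throw new AuthException(ale);
		}
	}

	/**
	 * Resolves the user named by the login parameter and checks the password
	 * parameter against that user's stored password.
	 *
	 * <p>
	 * The login is interpreted according to the company's authentication type
	 * (email address, screen name or numeric user ID). Any other
	 * authentication type yields {@code null}.
	 * </p>
	 *
	 * @param  request the request carrying the login and password parameters
	 * @param  response the response (unused here)
	 * @return an array of user ID, submitted password and the string
	 *         {@code "false"}, or {@code null} when a parameter is missing,
	 *         the authentication type is unsupported, the login does not
	 *         resolve to a positive user ID, or the password does not match
	 * @throws Exception if a portal lookup fails
	 */
	@Override
	protected String[] doLogin(
			HttpServletRequest request, HttpServletResponse response)
		throws Exception {

		String login = ParamUtil.getString(request, getLoginParam());

		if (Validator.isNull(login)) {
			return null;
		}

		String password = ParamUtil.getString(request, getPasswordParam());

		if (Validator.isNull(password)) {
			return null;
		}

		Company company = PortalUtil.getCompany(request);

		String authType = company.getAuthType();

		long userId = 0;

		if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
			userId = UserLocalServiceUtil.getUserIdByEmailAddress(
				company.getCompanyId(), login);
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
			userId = UserLocalServiceUtil.getUserIdByScreenName(
				company.getCompanyId(), login);
		}
		else if (authType.equals(CompanyConstants.AUTH_TYPE_ID)) {
			userId = GetterUtil.getLong(login);
		}
		else {
			return null;
		}

		// Fail closed. Previously a login that did not resolve to a positive
		// user ID skipped the password comparison below and still returned a
		// credentials array, which verify() would report as SUCCESS. No
		// credentials may be produced unless a password check has passed.

		if (userId <= 0) {
			return null;
		}

		User user = UserLocalServiceUtil.getUserById(userId);

		String userPassword = user.getPassword();

		if (!user.isPasswordEncrypted()) {
			userPassword = PwdEncryptor.encrypt(userPassword);
		}

		String encPassword = PwdEncryptor.encrypt(password);

		// NOTE(review): the first comparison accepts the stored (encrypted)
		// value itself as the submitted password. It is kept for
		// compatibility with existing integrations; confirm it is still
		// required. Both comparisons use String.equals, which is not
		// constant-time.

		if (!userPassword.equals(password) &&
			!userPassword.equals(encPassword)) {

			return null;
		}

		// The third element is presumably the "password is encrypted" flag
		// expected by the auto-login contract -- TODO confirm against
		// BaseAutoLogin.

		String[] credentials = new String[] {
			String.valueOf(userId), password, Boolean.FALSE.toString()
		};

		return credentials;
	}

	/**
	 * Returns the name of the request parameter holding the login.
	 * Subclasses may override it to use a different parameter name.
	 *
	 * @return the login parameter name
	 */
	protected String getLoginParam() {
		return _LOGIN_PARAM;
	}

	/**
	 * Returns the name of the request parameter holding the password.
	 * Subclasses may override it to use a different parameter name.
	 *
	 * @return the password parameter name
	 */
	protected String getPasswordParam() {
		return _PASSWORD_PARAM;
	}

	private static final String _LOGIN_PARAM = "parameterAutoLoginLogin";

	private static final String _PASSWORD_PARAM = "parameterAutoLoginPassword";

}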